
ao: = NOT busy AND (input =B) 

ai: = bUSY 
82: = NOT stall 
a3:=stall 

C2: = (output =F(B)) 



FIG. 2a 




FIG. 3a 



Sim(e): = 0 for all edges e in 
assertion graph c if Heacl(e) v, 
and Ant(e) otherwise. 



11 



Mark all edges active. 



512 



515 



Are any edges 
.active^ 
yes 



no 



-► Done 



select an active edge e. 
Mark e not active. 
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i 



Sim(e) :=Sim{e)u( 

^ve- 1 Tail(e) = Head(e)(Ant(e) n POSt(Sim(e')))) 
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Did Sim(e) change? 
I yes 
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Mark all fanouts of e active. 



517 



FIG. 5b 



Mark all edges active. 



Are any edges 
active?, 
yes 



i 



321 



322 



no 



-> Done 



Select an active edge e. 
iviarl< e not active. 



Ant(e) :=Ant(e) n ( 

•^ve' I Head(e') =Tail(e)^ Pre(Ant(e'))) 



iviarl< all fanins of e active. 
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• FIG. 5a 




FIG. 6a 



strengthen antecedents for all 
edges In assertion graph G. 



Compute simulation relation 

using the strengthened 
antecedents for all edges in 
assertion graph c . 



611 



612 



Compare simulation relation set Jx^^^^ 

of each edge as a subset of 
consequence set of each edge. 



FIG. 6b 



Ant*(e):= strengthened 
antecedents for all edges e in 
assertion graph C. 



Sim*(e):=simulation relation 
using Ant*(e) as the antecedent 
labels for all edges e in assertion 
graph c . 



Mark all edges e active. 



select an active edge e. 
Mark e not active. 



i 



lsSim*(e) contained 
by Cons(e)? 
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627 



621 



622 



623 



624 



no 



► SATISFIED 



626 



no 



^ NOT 
SATISFIED 



713 



711 

{So, Si; S2, $3; Sa, Ss, Se} 



FIG. 7 




{SO; Sl, SS; • • • • • • {Sl; S2 ; Sz , Sa , Ss , 




{So; Si, S2, Ss, Sa} 




• • • {S2; Ss, S4; Ss, Se} 




{So, Si, S2, Ss} • • • 




{Ss, S4, Ss, Se} 



{So, Si, S2} 





• • • {S4, Ss, Se} 



\ / ir^^—^\ V /V--\— --\\ \/ /V--\- 
\ {So, S^l {Si, S2}Vv{S2;\ Ss}'^ {S3, Sa}V^{Sa, Ss}^ {Ss, 

\ j4 — / / \ \ / / \ ^ w/l__^^y / / 

X / \ X X / X X X / 
/{Si} fS2}\ \/{&} {S,}\ /{Ss} 
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Abstract model M to obtain M^/ 

i ; 

Abstract assertion graph c to 
obtain C^. 

i 

Compute simulation relation 

using the abstracted 
antecedents for all edges in 
assertion graph to obtain 



Sim,* 




compare Simc (e) of each edge e 
as a subset of consequence set 
cons(e) of each edge e. 



FIG. 8b 

^ 821 



Abstract model M to obtain 



Abstractassertlon graph c to 
obtain C^. 



Strengthen antecedents for all 
edges in assertion graph Ca to 
obtain Ant^*. 



Compute simulation relation 

using the strengthened 
antecedents for all edges in 
assertion graph Ca to obtain 
SimA*. 



concretize SimA* to obtain 
Simc^Sim*. 



822 



823 



824 



825 



Compare Simc (e) of each edge e 
as a subset of consequence set 
cons(e) of each edge e. 



826 



strengthen antecedents for all 
edges in assertion graph c to 
obtain Ant*. 

i 

Abstract model ivi to obtain iVia. 



Abstract strengthened 
assertion graph G to obtain c^. 

i 

compute simulation relation 

using the abstracted 
strengthened antecedents for 
all edges in assertion graph 
to obtain SimA*. 



FIG. 8C 

^ 835 



concretize Sim^* to obtain 
Simc^Sim*. 



851 



852 



854 



855 



Compare Simc (e) of each edge e, 
as a subset of consequence set 
Cons(e) of each edge e. 



856 



• FIG. 11a 




FIG. 12a 



SirrisCv, v:): = ((initE(v, y:)AU) 
AntgCv, vT)) where initE is the 
predicate for outgoing edges 
from initial vertex vl. 



i 



^1211 



Sims (v, V) : =Sims (v, V) ug (us vbes"^ 
(Ant(\/, v:)ns Posts (Sims (v-, y))) lb/ y l) 



1215 




FIC.12b 



Ants(v-, v) is the original 
Ants <V'' y) f ronn Gs . 



Ants(y-, y) : = Antg (y-, y) ng ( 

Us vbeB'"^ p^Gs (Ants ^y; y^^^ y^^^ 



^1221 
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► Done 



FIG. 13 




